Let's jump right in and go over the four steps to prevent a hardware hack:
Step 1: Buy from a trusted motherboard design and manufacturing company
After the recent news about offshore computer hardware getting hacked, it is critical to review your computer supplier. Are they simply repackaging an offshore motherboard or do they control the whole process here in the United States?
Step 2: Isolate your network
Most sensitive applications (especially in the military) ensure that their application has no access to the outside internet. As an example of this threat, note that some IPMI (Intelligent Platform Management Interface) software can actually make remote calls home which allows the hacker to then backdoor through the BMC (Base Management Controller) hardware almost like a remote KVM.
Step 3: Disable the BMC
The Base Management Controller is a great tool to remote into a motherboard remotely and have absolute control over the whole computer. In fact, you can actually remotely shut down the computer, get into the BIOS, access the hard drives, etc. Unless you have a need for this type of control I strongly suggest you require that your computer supplier disable this device.
Step 4: Protect your firmware
According to some sources like Wired, 80% of PCs have firmware vulnerabilities. Protect against this with secureFlash (protects against unsigned BIOS updates) and secureBoot (protects against unsigned bootloaders, OS, and other firmware).
While you may not have followed all of the verbiage and acronyms above, I assure you that these tasks are very easy for a computer supplier to do, assuming they control the board design and manufacturing processes.
If you'd like to read more on the topic of hardware hacking, check out our blog where we outline how to protect your servers from a hardware hack.
Have specific questions about our Made in USA products? Give us a call, chat with us online, or send us an e-mail. One of our Engineers will be more than happy to assist.